Understanding HTTPS

Are you an avid online shopper? Have you noticed if each payment page has HTTPS in its URL lead-up? If you’re not absolutely sure, you might be a prime target for identity theft. Here's why you should make sure that the websites you browse for shopping have a little padlock icon on them in the URL bar.

HTTPS Encryption

When you visit a website that doesn’t use HTTPS, which is common with older websites that have been left on its domain with minimal intervention, everything you type or click on that website is sent across the network in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be decrypted by anyone with even the most basic tools.

HTTPS Certificates

The other thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory to translate that text into numerical addresses then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.

The problem is that if your computer is hacked, it could be tricked into directing www.google.com to the address 8.8.8.255, for example, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.

HTTPS creates a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a fraudulent website.

What this means for daily browsing

Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:

If your browser marks a website as “unsafe”, it is always best to err on the side of caution; do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted.
There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is a reliable Firefox, Chrome, and Opera extension that encrypts your communications with websites).
HTTPS certificates don’t mean anything if you don’t recognize the company’s name. For example, goog1e.com (with the “l” replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site. Many unscrupulous cybercriminals utilize similar spellings of legitimate websites to fool people into thinking that they are in a secure site. Always be vigilant.
Avoid sites that don’t use the HTTPS protocol — it can be as simple as that.

When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing, give our office a call.